INTRODUCTION
Welcome to HerculesSecret privacy notice.
At HerculesSecret, we value your privacy and are committed to safeguarding your personal data. This privacy notice explains how we handle your personal data when you visit our website, regardless of your location, and outlines your privacy rights and the protections afforded to you under the law.
To provide you with a comprehensive understanding of how we manage your personal data, this notice is organized in a layered format, allowing you to easily navigate to specific sections of interest.
1. Important Information and Who We Are
Purpose of This Privacy Notice
This privacy notice aims to inform you about HerculesSecret practices regarding the collection and processing of your personal data through the provision of our products/services and your use of our website. This includes data you may provide when signing up for newsletters or publications, purchasing products, or participating in competitions.
Please note that our products/services and website are not intended for children, and we do not knowingly collect data related to children.
It is essential that you read this privacy notice alongside any other privacy or fair processing notices we may provide on specific occasions when collecting or processing your personal data. This notice supplements those notices and does not supersede them.
Controller
HerculesSecret operates under the trading name of A & E Future Company and serves as the controller responsible for your personal data (referred to as “bulk™,” “we,” “us,” or “our” in this notice).
If you have any questions about our privacy practices, please contact our DPO using the details provided below.
Contact Details
You can reach us at:
Legal Entity: A & E Future Company (trading as HerculesSecret)
Email: [email protected]
Postal Address: Burkersdorfer Wg 19, 01189 Dresden, Germany
If you have concerns about our data practices, you have the right to lodge a complaint with the BfDI, the Germany supervisory authority for data protection issues (www.bfdi.bund.de). However, we encourage you to contact us first to address your concerns.
Third-Party Links
Once you leave our website and access these third-party sites, we encourage you to review their respective privacy notices or statements. This will help you understand how they collect, use, and protect your personal information. We cannot be held liable for the privacy practices or content of these external sites and recommend exercising caution when interacting with them.
THE DATA WE COLLECT ABOUT YOU
Personal data refers to any information about an individual from which that person can be identified. It excludes data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer various types of personal data about you, which we categorize as follows:
Identity Data: Includes your first name, last name, username or similar identifier, title, date of birth, and gender.
Contact Data: Encompasses your billing address, delivery address, email address, and telephone numbers.
Financial Data: Comprises bank account and payment card details.
Transaction Data: Contains details about payments to and from you, along with other particulars of products and services you have purchased from us.
Technical Data: Involves internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Profile Data: Encompasses your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and other interactions with us.
Usage Data: Consists of information about how you use our website, products, and services.
Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties, as well as your communication preferences.
It is crucial that the personal data we hold about you remains accurate and current. Please notify us of any changes to your personal data during your relationship with us, or update your account details online.
Additionally, we collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data does not directly or indirectly reveal your identity but may be derived from your personal data.
We do not explicitly collect any Special Categories of Personal Data about you (e.g., details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data). However, we may collect information that could be used to infer Special Categories of Personal Data about you based on the details you provide us when selecting your account preferences. We assure you that we will not use these preferences to make inferences about Special Categories of Personal Data about you. Instead, these details will only be used to provide you with product recommendations that we believe you will appreciate. You have full control over whether to disclose this information; it is not required to access our website or place an order for our products.
Please be aware that if you provide us with this information, we will process it based on your explicit consent. You have the right to withdraw this consent at any time by updating your account preferences or contacting us to request that we cease processing such information.
Failure to Provide Personal Data
If we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have with you. For example, we may be unable to provide you with goods or services. In such cases, we will notify you if this is the situation at the time.
HOW IS YOUR PERSONAL DATA COLLECTED?
We employ various methods to collect data from and about you, including:
1. Direct Interactions:
You may provide us with your Identity, Contact, and Financial Data by filling in forms or corresponding with us via post, phone, email, or other means. This includes personal data you provide when you:
Apply for our products or services
Create an account on our website
Subscribe to our service or publications
Request marketing materials
Participate in competitions, promotions, or surveys
Provide feedback
2. Automated Technologies or Interactions:
As you engage with our website, we may automatically gather Technical Data about your device, browsing actions, and patterns. We collect this personal data using cookies and similar technologies. Please refer to our cookie policy for more information.
3. Third Parties or Publicly Available Sources:
We may receive personal data about you from various third parties or publicly available sources, including:
Technical Data from providers such as Google Analytics, enabling us to understand visitor interactions with our website and optimize its performance.
Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.
Contact Data from individuals referring you via a refer-a-friend scheme.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Typically, we rely on the following lawful bases to ensure that your personal data is processed lawfully:
1. Performance of Contract:
We may process your data when it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
2. Legitimate Interest:
We may process your personal data based on our legitimate interests in conducting and managing our business to provide you with the best service, product, and experience possible. Before doing so, we ensure that we assess and balance any potential impact on you, both positive and negative, and your rights. We do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted by law. For further information on how we assess our legitimate interests, please contact us.
3. Compliance with Legal or Regulatory Obligations:
We may process your personal data when necessary to comply with a legal or regulatory obligation that we are subject to.
4. Consent:
In some cases, we may process your personal data based on your freely given, specific, informed consent. We generally do not rely on consent as a legal basis for processing your personal data, except for sending third-party direct marketing communications to you via email or text message. You have the right to withdraw your consent to marketing at any time by contacting us.
Please note that withdrawing consent does not affect the lawfulness of any processing conducted prior to the withdrawal, nor does it affect processing based on other lawful bases.
MARKETING
We aim to provide you with choices regarding certain uses of your personal data, particularly concerning marketing and advertising.
PROMOTIONAL OFFERS FORM US
We may utilize your Identity, Contact, Technical, Usage, and Profile Data to analyze what we believe you may want or need, or what might be of interest to you. This helps us determine which products, services, and offers may be relevant to you (referred to as marketing).
You will receive marketing communications from us if you have requested information from us, purchased goods or services from us, or provided your details when entering a competition or registering for a promotion, and have not opted out of receiving such marketing.
CAN YOU BE REMOVED FROM OUR MAILING LIST?
HerculesSecret will send you special offers and promotions via post, email, SMS, and RCS if you are an existing customer or have consented to receive such promotions as a new customer, or if you have not opted out. If you prefer not to receive offers and promotions via email, you can unsubscribe using the link provided in all marketing communications. We will make every effort to promptly remove you, although it may take time to fully remove you from our email mailing list, resulting in a possibility of receiving one or two more emails. If you wish to stop receiving offers and promotions via post, SMS, or RCS, please inform us at [email protected]. Note that our postal marketing materials are prepared in advance, so the removal process may take time, potentially resulting in receiving one additional communication.
If your details are included in a recognized ""opt-out"" list in your jurisdiction, HerculesSecret will endeavor to ensure you do not receive marketing materials from us unless you have requested otherwise.
CAN YOU RE-SUBSCRIBE TO OUR MAILING LIST?
If you previously asked us not to send offers but have since changed your mind, please contact us at [email protected]
COOKIES
You have the option to configure your browser to refuse all or some browser cookies, or to receive alerts when websites set or access cookies. However, if you choose to disable or refuse cookies, please be aware that certain parts of this website may become inaccessible or may not function properly. For more detailed information about the cookies we use, please refer to our cookie policy.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another compatible reason. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in accordance with the above guidelines, where required or permitted by law.
DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes:
Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. In such cases, the new owners may use your personal data in the same manner as described in this privacy notice.
Service providers acting as processors who provide various services on our behalf, including IT and system administration services; marketing services (such as our refer a friend partners); ecommerce platforms and support functions; shipment tracking services; website and product review services; accountancy services; communication platforms; and customer relationship management platforms.
Couriers who assist in delivering our products.
Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions. We do not sell or provide your data to other companies for their own marketing purposes.
INTERNATIONAL TRANSFERS
When we transfer your personal information outside of the EEA to provide an adequate level of personal information protection, we ensure that such transfers are conducted in compliance with data protection legislation.
Some of the external third parties to whom we transfer personal data are based outside the European Economic Area (EEA). We only transfer your personal data outside of the EEA when necessary to process your order or to fulfill the purposes outlined in this policy.
Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside of the EEA.
DATA SECURITY
We have implemented suitable security measures to prevent your personal data from being accidentally lost, accessed, used, altered, or disclosed without authorization. Additionally, we restrict access to your personal data to employees, agents, contractors, and other third parties who require access for legitimate business purposes. These individuals are bound by confidentiality obligations and will only process your personal data on our instructions.
We have established procedures to address any suspected personal data breaches and will notify you and any relevant regulator of a breach where we are legally obligated to do so.
Protection of Information on Internal Systems
We ensure the privacy of your information through various measures:
Access to customer account information is restricted to authorized personnel necessary for their job functions.
Our system employs robust login and password controls.
All employees, whether full or part-time, are mandated to sign a confidentiality agreement as part of their employment terms.
Confidentiality and database access controls undergo periodic review and updates to enhance protection of personal data.
We utilize appropriate procedures and technical security measures such as encryption, anonymization, and archiving techniques across our computer systems, networks, and website to safeguard your information.
If you have any concerns regarding the personal and account information we hold about you, please do not hesitate to contact us at [email protected]. We will gladly review your file and update the records as necessary.
DATA RETENTION
We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for meeting any legal, accounting, or reporting requirements.
The determination of the appropriate retention period for personal data involves considering various factors such as the quantity, nature, and sensitivity of the personal data, the potential risk of unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether those purposes can be achieved through alternative means, as well as the relevant legal requirements.
You have the right to request the deletion of your data in certain circumstances; please refer to the "Request for Erasure" section below for more details.
Under certain circumstances, we may anonymize your personal data (rendering it no longer identifiable as yours) for research or statistical purposes. In such cases, we may retain and use this anonymized information indefinitely without providing further notice to you.
YOUR LEGAL RIGHTS
Under data protection laws, you have certain rights regarding your personal data.
Request Access: You can request access to the personal data we hold about you, allowing you to verify that we are processing it lawfully.
Request Correction: If you believe any of your personal data is incomplete or inaccurate, you can request corrections to be made.
Request Erasure: You have the right to ask us to delete or remove personal data under certain circumstances, such as when it is no longer needed for the purposes for which it was collected.
Object to Processing: You can object to the processing of your personal data, particularly when we rely on legitimate interests as the legal basis for processing.
Request Restriction: You have the right to request the restriction of processing of your personal data in certain situations, such as when its accuracy is contested or the processing is unlawful.
Request Data Portability: You can request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
Withdraw Consent: If we rely on your consent for processing your personal data, you have the right to withdraw it at any time. However, this will not affect the lawfulness of processing prior to withdrawal.
If you have any questions or wish to exercise any of these rights, please contact us. We are here to assist you.
NO FEE USUALLY REQUIRED
You will not be charged a fee to access your personal data or to exercise any of your rights. However, if your request is deemed unfounded, repetitive, or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in certain circumstances.
WHAT WE MAY NEED FROM YOU
To confirm your identity and ensure your right to access your personal data, we may need specific information from you. This is a security measure to prevent unauthorized disclosure of personal data. We may also ask for additional information to expedite our response.
TIME LIMIT TO RESPOND
We aim to respond to all legitimate requests within one month. If your request is complex or if multiple requests have been made, it may take longer to process. In such cases, we will keep you informed of the progress and any delays.
CHANGES TO THE PRIVACY POLICY
Thank you for reviewing our privacy notice.
This version was last updated on February 14, 2024.
We may update this privacy notice periodically, such as in response to changes in the law. We advise checking this notice regularly to stay informed.